ALERT: Meltdown/Spectre Hardware Vulnerability Requires Action

ALERT: Meltdown/Spectre Hardware Vulnerability Requires Action

Just a few months after finding themselves in a firmware fiasco, Intel is making news for all the wrong reasons. This issue had the potential to affect the CPU of a device, causing a severe dip in the performance of the device.

In a blog post by a user going by the name Python Sweetness, an issue was reported, describing “an embargoed security bug impacting apparently all contemporary CPU architectures that implement virtual memory, requiring hardware changes to fully resolve.” This means that, thanks to this bug, the interactions that different programs would have with the CPU would be affected.

Under normal circumstances, a CPU will have two modes that it operates under: kernel, which permits the user to make changes to the computer itself, and user, which is considered a ‘safe’ mode. Python Sweetness discovered a bug that blurred the distinction between the two modes. The bug allowed programs run in user mode to also access kernel mode, possibly allowing malware to access the computer’s hardware.

However, the circumstances have proven to be less dire than they originally appeared. The expectation was that this bug would cause entire processes to shift back and forth between user and kernel mode, hamstringing the speed at which the device would operate. There was also the expectation that this issue would not be able to be resolved without a hardware change.

For PCs with Windows 10 installed and an antivirus that supports the patch, the fix should already be in place. However, to confirm this, go to Settings > Update & Security to see if there are any updates waiting to be installed. If not, check your update history for Security Update for Windows (KB4056892) or check with your antivirus provider to find out when it will be supported, the patch will not install until it sees that the antivirus has been updated to a version that the vendor verifies supports this patch.

Android devices had an update pushed on January 5 to provide some mitigations, with more protections coming in later updates. These patches have already been pushed to Google-branded phones, like the Nexus and Pixel lines, and may have been on other Android devices. It doesn’t hurt to check, and if you haven’t been updated, go online and put pressure on your carrier on a public forum.

Google Chrome should be updated with similar mitigations on January 23, with other browsers updating soon after. To help protect yourself until then, have your IT team activate Site Isolation to minimize the chance of a malicious site accessing data from another browser tab.

Other devices (like NAS devices, smart appliances, networking equipment, media equipment, etc.) may also be at risk, as they are using similar hardware. It’s really important for business owners to have their entire infrastructure reviewed and audited.

These kinds of issues help to demonstrate the value of an MSP’s, or managed service provider’s, services. MSPs like Infracore LLC are sure to keep themselves informed on the latest developments in IT security and any resolutions they can pass on to businesses like yours, if they don’t implement them on your behalf.

As a result, you and the rest of your team can go about your business without having to concern yourself with solving issues like these, knowing that you can trust the team who is solving it for you. For more ways that an MSP can help keep your business security and operations optimized, reach out to Infracore LLC at (858) 509-1970.



No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Saturday, 26 May 2018
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Tag Cloud

Tip of the Week Security Privacy Technology Best Practices Cloud Business computing Google Software Network Security Microsoft Malware Hackers Windows 10 Backup Internet Business Email Android Smartphones Alert Data Small Business Business Continuity Innovation Browser Hosted Solutions Managed IT Services Hardware Office VoIP Computers Disaster Recovery Ransomware Smartphone Business Management Efficiency Law Enforcement Cloud Computing Cybercrime Productivity Computer Outsourced IT User Tips Data Backup Tech Term Cybersecurity Collaboration Virtualization Mobile Devices How To Chrome IT Services Communications Telephone Systems Productivity Social Media Password Communication Quick Tips Artificial Intelligence Managed IT Services Money Windows Work/Life Balance Social Engineering Miscellaneous Router App Health Passwords Mobile Device Management Internet of Things Private Cloud Data Recovery Data Security Google Drive Hacking HaaS Holiday Wi-Fi IT Support Two-factor Authentication Windows 10 Apps Facebook Phishing Bring Your Own Device Data Breach Data Protection Network Automation Saving Money Office Tips Office 365 Upgrade Vulnerability Spam Mobile Device VPN Computer Care Redundancy Government Avoiding Downtime Gadgets CES Website Public Cloud Remote Computing Marketing Remote Monitoring History Automobile Identity Theft Flexibility Data Management Infrastructure Update Data Storage Worker PDF Workplace Tips Big Data Mobility OneNote IT Management Employer-Employee Relationship Managed Service Provider Battery Spam Blocking Electronic Medical Records Server IT Plan Comparison Operating System Microsoft Office Word Unsupported Software End of Support Legal Managed IT Charger Business Intelligence Keyboard Samsung Applications Patch Management Bandwidth BYOD Cleaning Value Scam Criminal Meetings Hiring/Firing Advertising Networking Content Travel Search Workforce Wireless Music Transportation Loyalty Virtual Reality Devices Wireless Charging Audit Employer Employee Relationship Google Docs Current Events Audiobook Video Games How to Accountants Physical Security BDR IT solutions Wearable Technology Benefits SaaS Worker Commute Thought Leadership Sync Cortana Techology Computer Fan Data loss Computer Accessories Knowledge Entertainment Black Market Telecommuting IT Support USB The Internet of Things Firewall Files Google Apps Content Management Screen Mirroring Bluetooth Voice over Internet Protocol Hybrid Cloud Network Congestion Scalability Practices HBO Remote Work Troubleshooting FENG Smart Technology Assessment Addiction Telephony Workers Recovery Blockchain Cast IT Consultant Apple Hosted Computing Outlook Settings Two Factor Authentication Television Cache Skype HIPAA Multi-Factor Security Leadership Risk Management iPhone Inventory Frequently Asked Questions Credit Cards Password Manager User Error Public Computer Relocation Wireless Internet Start Menu Human Resources Rootkit Trending Politics Instant Messaging Monitor Access Control Excel Fraud Books Business Mangement Tools Staff Training Information Technology Education Authentication Tip of the week Amazon Gmail Downtime Save Money Internet Exlporer Humor Vendor Management Specifications webinar Data storage Computing Infrastructure Nanotechnology Windows Server 2008 Amazon Web Services Windows 10s Emergency Recycling Root Cause Analysis Save Time Safety Digital Signature Software Tips Conferencing Smart Tech Windows 7 Online Shopping eWaste Internet exploMicrosoft Best Practice Botnet Encryption Millennials Emails Experience Users Connectivity Flash Evernote Solid State Drive WiFi Congratulations Webinar Twitter CrashOverride Wire Sports Thank You

Mobile? Grab this Article!

QR-Code dieser Seite

Recent Comments

Digital Hold The Case for Hosting Your Phone Solution In-House
24 February 2018
Informative Blog. Thanks a lot for the useful info.
Maria Albert Download the Wrong App and Have More Than Pokémon Fever Infect Your Device
26 September 2017
Occasionally I strive to not concentrate such these kinds of articles and neglect reading like these...
nathan dwyer Your Guide To Mobile Device Management as an SMB
07 September 2017
I come here after quite a while since 2016 and entire this term i have miss the chance to get inform...